In the past, security threats often involved scraping information from systems that could be used for other crimes such as identity theft. Now, criminal organizations have proceeded to directly demanding money from victims by holding their devices—and data—hostage. This trend of ransomware, in which data is encrypted and victims are prompted to pay for the key, has been growing rapidly since late 2013.*

What is ransomware?
Ransomware is a subclass of malware that is characterized by holding device control—and therefore locally stored data—for a ransom, which is typically paid using virtual currencies such as Bitcoin, though often premium SMS messaging and prepaid credit cards are alternative options. Sophisticated ransomware attacks employ disk or file-level encryption, making it impossible to recover files without paying the ransom demanded by the hackers.

Historically, ransomware has invoked law enforcement to coerce victims into paying—displaying warnings such as the FBI logo and a message indicating that illegal file sharing has been detected. More recently, the authors of ransomware payloads clearly indicate that a device has simply been hacked.

Ransomware payloads are typically distributed on file-sharing networks, but have also been distributed as part of a malvertising campaign on the Zedo ad network, as well as through phishing emails that disguise the payload as maliciously crafted images or as executables attached to emails.

For criminal organizations, the use of ransomware provides a very straight line from development to profit, as the comparatively manual labor of identity theft requires more resources. As such, the burgeoning growth of ransomware can be attributed to the ease of deployment, and a high rate of return relative to the amount of effort put forth.

For IT professionals, the risk of ransomware extends beyond desktops and notebook workstations, but has historically included smartphones and other connected computing devices, such as Synology NAS products and Android TV devices. While home users were traditionally the targets of ransomware, business networks have been increasingly targeted by criminals. Additionally, servers have become high-profile targets for ransomware attackers, as unpatched software makes systems vulnerable.

Who does ransomware affect?
In particular, healthcare service providers have been explicitly targeted in recent ransomware attacks, as well as public sector employees. Less sophisticated ransomware attacks purport to be able to restore your files after payment, though in reality the files are deleted whether users pay or not.

Ransomware attacks are generally quite successful for criminal organizations, as victims often pay the ransom. Specifically targeted attacks may result in increasingly higher ransom demands, as attackers become more brazen in their attempts to extort money from victims.

When is ransomware happening?
While the first rudimentary ransomware attack dates back to 1989, the first widespread encrypting ransomware attack was CryptoLocker, which was deployed in September 2013. Originally, victims of CryptoLocker were held to a strict deadline to recover their files, though the authors later created a web service that can decrypt systems for which the deadline has passed at the hefty price of 10 BTC (at the time of publication, the USD equivalent of 10 Bitcoin, or BTC, is approximately $5,787).

While the original CryptoLocker authors are thought to have made about $3 million USD, imitators using the CryptoLocker name have appeared with increasing frequency. The FBI’s Internet Crime Complaint Center estimates that between April 2014 and June 2015, victims of ransomware paid over $18 million USD to restore access to their devices.

How do I protect myself from a ransomware attack?
Ransomware is often spread in file-sharing networks or on websites that purport to provide direct downloads. Other traditional attack vectors have also been used, such as email attachments or malicious links. There are ways to protect against a potential infection. For enterprise workstation deployments, using Group Policy to prevent executing unknown programs is an effective security measure for ransomware and other types of malware.

We can recommend Cybersecurity Solutions that can protect your computers against ransomware or at least mitigate the effects of it.

*Source: Excerpts from TechRepublic’s Ransomware Smart Person’s Guide by James Sanders May 16th 2017.

If you would like to know more, please contact us at 1-800-871-9683 for a free consultation. Also, if you do not have online BDR (backup-disaster-recovery) and anti-virus/malware protection for your business, please give us a call to help you implement the latest systems. Our email address is: markhuffman@creativebusinesstechnologies.com

Computer users today, including business owners, are hanging onto to their old computer(s) (stand-alone, workstations and servers) when they should upgrade them. Many users are frustrated by the slow, erratic performance of their current systems and call a computer technician to fix the problem when it could be solved by simply upgrading to a later type system. This article will help you decide whether to hang onto what you have or “bite the bullet” and buy another computer.

Every Four Years is the usual point in time that you should look into purchasing a new computer. By this time, your current operating system has had many service packs and updates and sometimes this will slow down the performance of the computer, whether it is a laptop or desktop. Also, viruses and/or malware can cause damage to the operating system, requiring a complete system reload. If you are at the four year mark, you might want to consider upgrading instead of reloading.

Listed below is a list of reasons to upgrade:

CPU Speed: The Central Processing Unit is the “brains” of the computer and is in charge of how much data flows through the unit. The slower the CPU, the slower the data flow. Many times CPU bottlenecks of older systems prevent the unit from operating at an optimum level.

Hard Drive: The hard drive is where the operating system, programs and data reside on (unless the data is saved and backed up elsewhere). An older hard drive that uses platters for reading and writing data to it will be slower than a later model solid state device. Newer hard drives have very fast access speeds compared to older units.

Memory: Random Access Memory (RAM) determines how quickly the operating system, programs and data loads into the “memory” of the computer. Later model computers can handle and usually have greater amounts of memory to facilitate more robust computer operations.

System Board: The system board (otherwise known as the “motherboard”) will have different components on it (cache, chipset, etc.) that will help the computer to run more smoothly and efficiently. The newer the board, the better.

Microsoft Windows 10: If your company is still using computers that have Windows 7 or 8.1 operating systems, companies should upgrade to take advantage of the newest features that Microsoft has to offer. Please contact us if you need your operating system(s) or PC(s) upgraded.

IT Security: Security for your servers, workstations and stand-alone computers is of the upmost importance. Having the right security measures in place is absolutely necessary, especially with the rise of Ransomware. This includes Windows 10 being the dominant operating system within your organization.

These are the main reasons why you should upgrade your computer. The operating system and applications will run better on a newer system. Also, you can take advantage of newer programs (both cloud and non-cloud) that will work better on a newer system as well. Please let us know if you would like to speak to someone about upgrading your laptop, desktop, workstation or server.

If you would like to know more, please contact us at 1-800-871-9683 for a free consultation. Also, if you still have Windows 7 or 8 Computer(s) in your business, please give us a call to help you upgrade to Windows 10 and Office 365. Our email address is: markhuffman@creativebusinesstechnologies.com

Immediate benefits can be gained by outsourcing IT services through Managed Services.*

Control IT Costs – Outsourcing converts fixed IT costs into variable costs and allows you budget effectively. In other words, only pay for what you use when you need it.

Reduce Labor Costs – Hiring and training an IT staff can be very expensive, and temporary employees don’t always live up to your expectations. Outsourcing lets you focus your human resources where you need them most.

Trained, Experienced, Qualified, Certified – If you’re not IT trained, how do you assure an employee is qualified? Certifications like Microsoft Certified Systems Engineer (MCSE) are important, but so is experience.

Qualified doesn’t Equal Experienced – Few problems are new for leading IT service companies, which see related problems multiple times. An in-house IT employee leads an isolated existence no matter how much they train. We’d all rather an experienced doctor; the same is true for IT.

Increase Efficiency and Competitiveness – Organizations that try to do all IT Services in-house themselves can have much higher research, development, and implementation time, all of which increase costs and are ultimately passed on to customers.

Quickly Implement New Technology – A quality outsourced IT service organization will have the resources to start new projects right away. Handling the same project in-house might involve weeks or months to hire the right people, train them, and provide the support they need. For most implementations, quality IT companies will bring years of experience in the beginning saving time and money.

Stay Focused on Your Core Business – Businesses have limited resources, and every manager has limited time and attention. Outsourcing can help your business stay focused on your core business and not get distracted by complex IT decisions.

Reduce risk – Every business investment carries a certain amount of risk. Markets, competition, government regulations, financial conditions, and technologies all change very quickly. Outsourcing providers assume and manage much of this risk for you, with specific industry knowledge, especially security and compliance issues. They generally are much better at deciding how to avoid risk in their areas of expertise.

Level the Playing Field – Most small businesses can’t afford to match the in-house support services that larger companies maintain. Outsourcing can help small companies act “big” by giving them access to the similar technology, and expertise that large companies enjoy. An independent third party managed cost structure and economy of scale can give your company a competitive advantage.

Compliance and Security – Is your firewall up to date? Do you have a DMZ installed? Do you audit your Workstations and Servers? Has your company implemented PCI security standards and work to maintain those standards? For example, Businesses have more ways than ever to prosper by taking many forms of payments such as Credit and Debit Cards, Gift Certificates, E-Checks, Wire Transfers to name a few, but with these forms of transacting also comes the need for due diligence. By outsourcing a qualified Manages Services company who is familiar with PCI Compliance standards https://www.pcisecuritystandards.org, you can rest assured that your company is minimizing the risks associated with maintaining client data, credit card numbers, sensitive competitive information and more.

*Sources: © 2017 Essent Corporation

If you would like to know more, please contact us at 1-800-871-9683 for a free consultation. Also, if you do not have online BDR (backup-disaster-recovery) and anti-virus/malware protection for your business, please give us a call to help you implement the latest systems. Our email address is: markhuffman@creativebusinesstechnologies.com

You’re a small business owner and you’ve been doing just fine without a huge staff or a dedicated IT guy. But like everything else these days, your business depends on technology: email, databases, documents and spreadsheets—maybe even software unique to your industry, like a computer-aided drafting program. So how do you know when it’s time to bring in some professional IT support?*

Here are 7 key signs, although we’re sure there are many more: 

1. If your billable hours are down because you’ve been troubleshooting computer/printer/router problems—your business needs IT support

Many small business professionals bill by the hour, including attorneys and graphic designers. But if those billable hours have fallen off because you’re wrestling with a computer that won’t start, or an internet connection that’s spotty, then maybe it’s time to bring in expert IT support for your network — while you get back to doing those things that get you paid.

2. If your computer is down with a virus, but the neighbor kid is still at school—your business needs IT support

Maybe your neighbor’s teenage son is a brilliant computer fixer, but the law says he needs to be in school from 8 to 3, and you can’t put your own business on hold waiting for him to help you after hours or on weekends. If you consider your small business to be professional outfit, then start relying on professional IT support.

3. If you missed an important deadline because your printer malfunctioned—your business needs IT support

You waited until the last minute to print off that important presentation. Then your computer suddenly couldn’t connect to your printer. It’s time to bring in a professional who can troubleshoot your network problems. When you know your system is set up properly and is getting regular preventive maintenance, you can procrastinate with more confidence.

4. If you are ready to spend big bucks on hardware for your business, but the big box salesman doesn’t inspire confidence—your business needs IT support

Computers, servers, routers and printers represent a significant financial outlay. Sure, there’s a danger that you could spend too little, which has its own consequences. But more likely you’ll spend too much. A professional business IT consultant has the know-how to assess your business needs now and in the future, helping you prioritize your spending. Professional IT consultants also have access to custom-built solutions that perfectly fit your situation, something you aren’t likely to find at the big box store.

5. If you just tried to upgrade a crucial software package, only to find it won’t run on your computer—your business needs IT support

Adobe Creative Suite is essential software for graphic designers, but each upgrade seems to demands a lot of the computer that runs it. Maybe your profession requires certain software, and you can’t work without it. When new upgrades are released, they usually demand more memory and more speed, maybe even a new operating system. Don’t lose productivity fighting a losing battle. Call on professional IT support so you can get on with your work.

6. If your data isn’t backed up—your business needs IT support

What are you going to do when your hard drive crashes (and it will) or some sort of natural disaster strikes, and you lose all your contacts, documents, contracts, background research, reports or photos? How much of a disruption to your business will you suffer? Put a dollar figure to that, and it doesn’t take long to conclude that professional IT help in setting up a disaster recovery plan, including a first-rate backup solution, is worth the investment.

7. If you are still using Microsoft XP—your business needs IT support

What is Microsoft XP? It is a very old PC operating system that Microsoft will no longer support after April 2014 (this has already happened). Read our earlier post, The End is Near: Support for Windows XP, for more information. If your business is still using Windows XP, merely upgrading to the latest Microsoft operating system may not be simple. Call in professional IT support to determine which version (Windows 7 or Windows 10) is best for your business, and to ensure all your other software and hardware is ready to make the transition.

*Source: invisionkc.com /7-signs-your-small-business-needs-it-support-and-fast/

If you would like to know more, please contact us at 1-800-871-9683 for a free consultation. Also, if you do not have online BDR (backup-disaster-recovery) and anti-virus/malware protection for your business, please give us a call to help you implement the latest systems. Our email address is: markhuffman@creativebusinesstechnologies.com

If you own and operate a small business, lowering costs is an important part of keeping your company in the black. Cutting costs on your IT budget could inadvertently compromise your company’s security. Even though small businesses may not have all of the resources that large corporations do, they are still just as vulnerable to the same security threats.*

Here are some ways to help keep your small business secure:

1. Purchase Anti-virus Software. Every computer is vulnerable to the wide variety of viruses, Trojans, and worms that are on the Internet. These malicious software programs can do anything from damage your computer and files to steal your password and other important information stored on your computer. Purchase a good anti-virus software program and make sure that it is always up to date. Also, check to see that your anti-virus software checks for spyware, adware, and any other type of malware that could be hiding on your computer.
2. Avoid Phishing Emails. It is important to discuss with your employees the importance of not opening spam email, attachments or forwards that could possibly contain viruses. Make sure that your email has a filtering system that helps to filter out spam and other malicious email. Responding to phishing emails can be another costly mistake. Phishing emails are disguised as legitimate emails that then request login and password information. Changing passwords monthly can help to lessen the damage should an employee accidentally respond to a phishing email.
3. Minimize Damage from Dishonest or Disgruntled Employees. It is often difficult to predict if one of your employees will become disgruntled or dishonest, but you can put some safeguards in place to help minimize the damage should you find that you have one. Thoroughly screen your employees before hiring them, especially if they will have access to any confidential or financial company information. Limiting the number of employees that have access to this confidential information and changing your company passwords often can help to prevent former employees from accessing company computers.
4. Secure Your Wireless Network. Make sure that your wireless router is encrypted, and that your business is using WPA2 wireless security. A firewall is another important key to protecting the security of your small business. A firewall will allow access only to authorized users while blocking unauthorized access to the computer.
5. Have an Internet Use Policy. Aside from the obvious lack of productivity that personal Internet use can cause for your business, it can often be too easy to click on websites that contain malicious software that could easily infect your company computer and shut your system down temporarily or even permanently.
6. Avoid Having Everything on One Computer. Purchasing computer equipment is costly, so many small businesses will try to get away with fewer computers in order to save money. If you have your financial information on the same computer that your employees are accessing their company emails, you could risk losing everything that is vital to running your business should an infected email slip through.
7. Have a Data Backup System. Be sure to have some type of data storage and backup system in place in the event that your current system goes down. Having all of your files readily available to you in case of an emergency can ensure that your business will retain customers and continue to run smoothly no matter what the disaster.
8. Minimize Damage from Stolen Equipment. It difficult to prevent break-ins or equipment from being stolen from your home or office building, but you can have some security by ensuring that all of the information on your computer is encrypted and password protected.

Trying to scrimp when it comes to your small business’s computer security can be a costly mistake. Arm yourself with the knowledge of what your business could be up against and take steps towards prevention. The investment will give your company the security necessary to keep your information secure.

*Source: SPC International Online, Inc.

If you would like to know more, please contact us at 1-800-871-9683 for a free consultation. Also, if you do not have online BDR (backup-disaster-recovery) and anti-virus/malware protection for your business, please give us a call to help you implement the latest systems. Our email address is: markhuffman@creativebusinesstechnologies.com

Ransomware attacks are now common, disrupting business operations and costing thousands of dollars in losses. As an MSP, you can protect your business clients from ransomware by understanding the threat and by having the right technologies, policies, people, and processes in place to counter this insidious attack. Here are 10 best practices to consider for protecting yourself and your clients from ransomware.*

1. Understand the Threat: Crypto ransomware works by encrypting certain, sensitive files types and then forcing the victim to pay a ransom to gain access to a decryption key for the data. With nearly all types of crypto ransomware it’s virtually impossible to recover data without paying for the decryption key. Sometimes even paying the ransom won’t decrypt the files.

As an MSP, you need to ensure your infrastructure is adequately secured, and be able to explain to your customers why it’s essential they have the technologies and policies in place to protect themselves.

2. Educate Users: It takes one bad decision by a user to unleash a costly ransomware attack. Ransomware is often delivered as a Trojan, through malvertising, or through a phishing email. Prevention isn’t possible 100% of the time, but in many cases attacks can still be stopped if users are educated about what to look for.

3. Teach Users Not to Phish: The Webroot® 2016 Threat Brief showed that up to 50% of users will fall for a phishing attack in 2016. The key is to teach users to not open emails from unknown senders with attachments or links – and how to spot suspicious emails even when they look like they’re from known senders. Instruct users on spotting expressions or greetings the sender wouldn’t normally use as clues to something “phishy.” If all else fails, real-time anti-phishing protection can often block even zero-day phishing attacks.

4. Maintain Layers of Anti-Ransomware Technology: Reliable, cloud-based antimalware can prevent nearly all ransomware attacks, but it’s important to remember that new delivery vectors are being released constantly, so no endpoint security solution alone will offer you 100% protection. Additional security layers like firewalls, Windows OS policy restrictions, and having proper back-ups in place will all help to secure your environment.

5. Patching and Plug-Ins: Keeping applications like Adobe Reader, Java, and other plugins up to date greatly reduces security vulnerabilities and prevents browser and application vulnerabilities that may bypass your antimalware defenses. Ad and pop-up blockers also greatly reduce user error, stopping users from inadvertently clicking fake dialogs that download ransomware.

6. Use Windows Policies to Block VSS: Blocking access to Volume Shadow Copy Service will help stop ransomware like CryptoLocker from trying to erase file backups. By creating a blocking policy for the VSS Admin executable, any attempt to access or stop the service will result in the action being blocked.

7. Disable Windows Script Hosting: VBS scripts are used by malware authors either to cause disruption in an environment or to run a process that will download more advanced malware. You can disable them completely by disabling the Windows Script Host engine which is used by .VBS files to run. case of a ransomware attack, they might lose data on every mapped drive.

8. Filter .EXE Files in Email Servers: If your customers’ email gateways have the ability to filter files by extension, you should consider denying emails sent with .EXE files, or denying emails sent with files that have two file extensions, the last one being an executable (“*.*.EXE” files). This is a common threat vector for crypto ransomware.

9. Always Have a Back Up: Nothing is more effective at mitigating a crypto ransomware attack than being able to instantly restore data from business continuity backups. As an MSP, you cannot over- emphasize the importance of backups to customers, who sometimes fail to see the value. Remind clients that without a backup they might lose data on every mapped and even unmapped drive. Ransomware such as CryptoLocker can even encrypt networked drives. Having offline air gap or cloud back-ups with multiple copies of each file makes it virtually impossible for extortionists to infect backup data while offering benefits to clients.

10. Stay Current on Ransomware: It pays to keep up with ransomware developments. Some ransomware strains have been cracked, but these are limited successes. Ransomware, like all malware, will continue to evolve. As an MSP, you need to monitor this evolution: which strains are most dangerous and who is being targeted. The more informed you are, the better you can protect customers.

Even though this is written from a MSP perspective, it still details information that business owners need to know concerning the threat of Ransomware.

*Source: Webroot Inc.

If you would like to know more, please contact us at 1-800-871-9683 for a free consultation. Also, if you do not have online BDR (backup-disaster-recovery) and anti-virus/malware protection for your business, please give us a call to help you implement the latest systems. Our email address is: markhuffman@creativebusinesstechnologies.com

This year of 2018, please consider the newest technology options for your business. If it has been awhile since you upgraded your equipment or are not using the latest technologies, you could be missing out on increased productivity and profitability for your business that will definitely improve your bottom line.

The following is a partial list of options to choose from:

• Office 365: If you not using a cloud solution for your business, such as Office 365 for your Office Suite, you could be missing out on great technological options that will benefit your company in the long run.
• Managed Services: Your time as a business professional is usually very limited, since your main focus is doing your business and not dealing with IT. As IT experts, our job is to insure that your network servers, workstations, peripherals (printers, scanners, etc.) and software are operating normally and efficiently with minimal downtime. We make sure everything stays up running as it should.
• Microsoft Windows 10: If your company is still using computers that have Windows 7 or 8.1 operating systems, companies should upgrade to take advantage of the newest features that Microsoft has to offer. Please contact us if you need your operating system(s) upgraded.
• Virus/Malware Issues: Computer viruses and malware can cause havoc on your computers or even on your network servers. If you are experiencing “blue screens of death”, pop-ups, weird error messages, lock-ups, and any other strange behavior on your computer, please contact us right away because most likely it is infected.
• On-line BDR (Backup-Disaster-Recovery): If you are not currently using an on-line backup-disaster-recovery system, you could be putting your data at risk. Statistically, it has been proven that tape data backup on has a recovery rate of only 42% whereas on-line data recovery is 99%. Clearly, on-line BDR is the better way to go. If you would like to know more, please contact us for a free consultation.
• IT Security: Security for your servers, workstations and stand-alone computers is of the upmost importance. Having the right security measures in place is absolutely necessary, especially with the rise of Ransomware.
• Windows Server 2003: If your company is still running Windows Server 2003, you should make plans to upgrade your server as soon as possible to Windows Server 2012 R2 or 2016. The reason for doing so is that servers running Windows Server 2003 are vulnerable to hacking and virus/malware attacks.

As your company makes it’s plans and budgets for the year, please include the considerations listed above. If you need any help, feel free contact us with any questions that you may have. May 2018 be a very prosperous year for your business!

If you would like to know more, please contact us at 1-800-871-9683 for a free consultation. Also, if you do not have online BDR (backup-disaster-recovery) and anti-virus/malware protection for your business, please give us a call to help you implement the latest systems. Our email address is: markhuffman@creativebusinesstechnologies.com

Are We Back Up And Running Yet?

When the time comes to make the switch to Managed IT Services, it is important to know what you are looking for from a provider. As most business owners have or are beginning to realize, there are plenty of benefits that can be realized by bringing on a managed services provider to address IT and other needs.*

In order to get the most from your managed services contract you must carefully compare all potential providers to ensure they are willing and able to provide the services you need to keep your business moving forward in the future. If your managed services provider cannot supply the following three things (at minimum) keep looking until you find a company that addresses these issues.

1. Security – The managed services provider that you choose should work with vendors that guarantee security. This is imperative when trusting an outside party to handle and maintain private and confidential data that is crucial to the running of your business. Service providers should provide detailed proof of security procedures as well as how they intend to keep abreast of changes in the industry.
2. Recovery – Managed IT Services providers are not only contracted to help keep the day-to-day running of your business going smoothly. They are also an important part of any recovery situation that follows a natural or man-made disaster. It is important to discuss with potential providers what procedures they have in place to guarantee your downtown will be minimal and that you will be up and running as soon as possible after an emergency. These precious minutes and hours can make or break the recovery of your business.
3. Customer Service – As with any other business, if there is no customer support backing up the products or services, there isn’t much of a commitment from the provider.

Why are these three things important? To understand you must consider the Managed IT Services model. Managed IT Services providers are hired by a company to provide any or all of the following services:

· Website hosting
· Network monitoring
· Network security
· Remote data backup
· Recovery services

Originally these services were provided to large corporations while small to medium size companies struggled to maintain an IT budget that was often more expensive then beneficial. Managed services providers charge a flat, or monthly fee, making it possible for smaller businesses to reap the benefits offered at a much lower price than in-house IT staff or outsourcing on an as needed basis.

The Managed IT Services platform continues to grow as many businesses look for ways to reduce costs in this tough economy. By offering technological services that might otherwise be beyond the reach of a small business budget, managed services make it possible for smaller businesses to remain competitive with others in their industry.

Small business owners must take the time to carefully review and research each provider before signing on the bottom line. A good managed services provider can change the way you do business- in a positive direction, whereas the wrong choice could be a costly mistake that does more harm than good to your business.

*Source: SPC International Online, Inc.

If you would like to know more, please contact us at 1-800-871-9683 for a free consultation. Also, if you do not have online BDR (backup-disaster-recovery) and anti-virus/malware protection for your business, please give us a call to help you implement the latest systems. Our email address is: markhuffman@creativebusinesstechnologies.com